KVM – Witsbits

Witsbits enables you to set up your servers with virtualization and deploy virtual machines faster than ever before. It’s a complete virtualization solution with a self-upgrading hypervisor and cloud-based centralized management, reducing time spent on maintenance to a fraction of what other solutions require. The self-configuring hypervisor comes as a Live CD, delivering the fastest time-to-deployment by removing the need for spending time on installation and configuration.

Read more at http://www.linux-kvm.org/page/Management_Tools

THE FASTEST PATH TO CLOUD MANAGEMENT

Your bare-metal servers will be ready to host virtual machines within 10 minutes. You will never have to upgrade your servers. You don’t have to install centralized management.

http://witsbits.com/

Hardware Requirements

Processor

You can use any 64bit x86 PC with 2GB of RAM and a CPU with virtualization extensions (Intel® VT-x or AMD-V™).

Info: Most CPUs has virtualization extensions, for details see Intel‘s and AMD‘s respective lists of virtualization capable processors.

Info: You may successfully use a CPU that lacks virtualization extensions with Witsbits to host Linux VMs. It will work, but with reduced performance. Windows VMs will however not work without enabled virtualization extensions.

Storage

For local storage devices you need a hard drive of at least 20GB. Alternatively you may use NFS for completely diskless servers. Or any combination of the two.

Network

The following network ports are required to be open in firewall for outgoing traffic: 443/TCP and 873/TCP.

The world’s greatest Azure demo

 

All the awesome wrapped up into a one hour superdemo

Test your SSL.

SSL Server Test

This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet. Please note that the information you submit here is used only to provide you the service. We don’t use the domain names or the test results, and we never will.

 

5 Sets to secure you against OpenSSL the Heartbleed Bug

 

“Leaked secret keys allows the attacker to decrypt any past and future traffic”
http://heartbleed.com/

Heartbleed OpenSSL – Where to change or not the passwords

Change these passwords now (they were patched)

  • Google, YouTube and Gmail
  • Facebook
  • Yahoo, Yahoo Mail, Tumblr, Flickr
  • OKCupid
  • Wikipedia

Don’t worry about these (they don’t use the affected software, or ran a different version)

  • Amazon
  • AOL and Mapquest
  • Bank of America
  • Capital One bank
  • Charles Schwab
  • Chase bank
  • Fidelity
  • E*Trade
  • HSBC bank
  • Microsoft, Hotmail and Outlook
  • PayPal
  • PNC bank
  • Scottrade
  • TD Ameritrade
  • Twitter
  • U.S. Bank
  • Wells Fargo

Don’t change these passwords yet (still unclear, no response)

  • American Express
  • Apple, iCloud and iTunes
  • Citibank
  • LinkedIn

 

Protect your Server Against the Heartbleed OpenSSL Vulnerability

Update your System

PLEASE NOTICE: Backup all your system before big updates!

Ubuntu and Debian

sudo apt-get update
sudo apt-get dist-upgrade

CentOS and Fedora

yum update

 

Checking your Version Numbers

Debian and Ubuntu Releases and Fix Versions

dpkg -l | grep "openssl"
  • Ubuntu 10.04: Unaffected (Shipped with older version prior to vulnerability)
  • Ubuntu 12.04: 1.0.1-4ubuntu5.12
  • Ubuntu 12.10: 1.0.1c-3ubuntu2.7
  • Ubuntu 13.04: SUPPORT END OF LIFE REACHED, SHOULD UPGRADE
  • Ubuntu 13.10: 1.0.1e-3ubuntu1.2
  • Debian 6 (Squeeze): Unaffected (Shipped with older version prior to vulnerability)
  • Debian 7 (Wheezy): 1.0.1e-2+deb7u6
  • Debian testing (Jessie): 1.0.1g-1
  • Debian unstable (Sid): 1.0.1g-1

If you are using Ubuntu 13.04 its HIGHLY RECOMMENDED for you to upgrade your version.
PLEASE NOTICE: Backup all your system before big updates!
Check for your OpenSSL version
dpkg -l | grep “openssl”

Check for your Ubuntu version
lsb_release -a

root@localhost:~# dpkg -l | grep "openssl"
ii libcurl4-openssl-dev 7.29.0-1ubuntu3.4 amd64 development files and documentation for libcurl (OpenSSL flavour)
ii libgnutls-openssl27:amd64 2.12.23-1ubuntu1.1 amd64 GNU TLS library - OpenSSL wrapper
ii openssl 1.0.1c-4ubuntu8.2 amd64 Secure Socket Layer (SSL) binary and related cryptographic tools
root@localhost:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 13.04
Release: 13.04
Codename: raring

CentOS and Fedora Releases and Fix Versions

rpm -q -a | grep "openssl"
  • CentOS 5: Unaffected (Shipped with older version prior to vulnerability)
  • CentOS 6: openssl-1.0.1e-16.el6.5.7
  • Fedora 17: Unaffected (Shipped with older version prior to vulnerability)
  • Fedora 19: openssl-1.0.1e-37.fc19.1If your OpenSSL Fedora version number doesn’t ends in .1 you are vulnerable!

 

Check for your OpenSSL version
rpm -q -a | grep “openssl”

Check for your Ubuntu version
cat /etc/redhat-release

[root@stream4 ~]# rpm -q -a | grep "openssl"
openssl-1.0.1e-16.el6_5.4.x86_64
[root@stream4 ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)

 

Revoking and Reissuing your SSL Certs/Keys

  • regenerate your certificate using a new private key
  • create new key and then create the certificate or send CSR to certificate authority issuer to create the new certificate
  • replace the old certificate and start using the new ones.

 

Continue reading Protect your Server Against the Heartbleed OpenSSL Vulnerability